iarv/znc
1
0
Fork 0
mirror of https://github.com/znc/znc.git synced 2026-03-28 17:42:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,804 Commits 7 Branches 89 Tags
a7d26bb598a8c8aaf8a7080ee4a9f0f9036f1b59
Commit Graph

10 Commits

Author SHA1 Message Date
psychon
a7d26bb598 Fix a crash bug in WebModules 
WebModules use CHTTPSock for the HTTP server. That class requires a CModule
instance for working since it's based on CSocket. This was solved by creating a
fake module instance which is destroyed when the socket is destroyed.

The problem here was that CSocket's destructor tried to access that module
instance which was already destroyed resulting in a use-after-free.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1824 726aef4b-f618-498e-8847-2d620e286838
 2010-03-10 19:16:38 +00:00
psychon
f6f7dce129 Use TCacheMap for saving the WebModules session 
With this change, sessions are automatically "garbage collected" 24h after the
last request using this session.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1823 726aef4b-f618-498e-8847-2d620e286838
 2010-03-10 17:53:57 +00:00
psychon
cbb6e14c3a Generate session IDs more securely 
We now use a lot more data for generating the session id which is fed to a hash
to make it impossible to attack specific parts of the input.

Also we now retry generating a new session id in the (improbable) case of
collision with an existing session id.

Thanks a lot to cnu for pointing out the weakness in the old code by stealing my
session cookie, you evil hacker!


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1819 726aef4b-f618-498e-8847-2d620e286838
 2010-03-09 19:44:24 +00:00
psychon
c9f26ba05f Move the list of sessions to a more "public" place 
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1806 726aef4b-f618-498e-8847-2d620e286838
 2010-03-04 14:10:45 +00:00
psychon
9f742b352d Use a random string instead of an md5 hash for session IDs 
This string has the same length as the md5 hash, but it does actually contain
more entropy. Also, why md5? :/


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1804 726aef4b-f618-498e-8847-2d620e286838
 2010-03-04 14:03:27 +00:00
prozacx
c27713cc1d Added support for cookies and sessions. Logging in is now done via cookies. 
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1799 726aef4b-f618-498e-8847-2d620e286838
 2010-03-01 01:22:02 +00:00
psychon
8e5960983b Add our copyright header to WebModules.cpp 
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1795 726aef4b-f618-498e-8847-2d620e286838
 2010-02-25 12:30:14 +00:00
prozacx
aff85c2244 Added F_ADMIN flag to CWebSubPage to require admin privs on a page-by-page basis 
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1792 726aef4b-f618-498e-8847-2d620e286838
 2010-02-24 06:28:39 +00:00
prozacx
45caa26d86 Renamed GetWebNavTitle() to GetWebMenuTitle() to keep in line with the name of the Menu.tmpl file 
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1787 726aef4b-f618-498e-8847-2d620e286838
 2010-02-23 06:09:21 +00:00
prozacx
ad92c58c42 Initial commit of webmods - still lots of work to be done 
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1784 726aef4b-f618-498e-8847-2d620e286838
 2010-02-22 07:40:22 +00:00